× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



We've just been through a whole exercise of trying to work out problems with the SQL web service stuff. Many of you in this thread who are getting inconsistent results may find it saves you some time.

Short version of the results of our investigation:

1) The *SYSTEM store must have been created and populated. But see item 2 below as to why you may not need it right now.

2) The old systools Java-based versions used the Java cert store which appears to be MUCH more comprehensive than the default certs available in the DCM's *SYSTEM store - even if you import every single one that IBM offers you.

3) Tools such as HTTPAPI by default do not require that the called site's cert be trusted by your system. So they will work with many sites that by default the SQL options will fail on.

4) The new SQL routines default to a fully secure transaction and insist on the cert being trusted by your system. There is however an option to request a less secure connection but it is not the default and currently appears to have a bug (or two).

5) Jesse Gorzinski's command line tools for DCM are a fabulous way of importing missing certs (and will be even better when a small hiccup is cured). You can find them here: https://github.com/ThePrez/DCM-tools <https://github.com/ThePrez/DCM-tools>

6) Regarding the "hiccup" we had to issue the commands like this:
PATH=/QOpenSys/usr/bin:$PATH dcmimport --installed-certs
PATH=/QOpenSys/usr/bin:$PATH dcmimport --fetch-from=httpbin.org:443 <http://httpbin.org:443/>

Where httpbin.org:443 <http://httpbin.org:443/> is the URL and port you wish to communicate with.

When the hiccups are resolved it should simply be: dcmimport --fetch-from=httpbin.org:443 <http://httpbin.org:443/>

It will ask you for the *SYSTEM store password and whether you trust the certs it plans to import.

7) You need to be up-to-date on HTTP PTFs.

Hope this helps some of you resolve the issues you are seeing and helps explain the differences you are experiencing.


We spent many hours and got a bunch of help from IBM to resolve it.


Jon P.



On Aug 4, 2022, at 4:15 PM, James H. H. Lampert via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

Neither one worked for me, on a V7R4 customer box that successfully accesses our web service every five minutes.

<shrug>

--
JHHL
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.